
Commit 30ae494

CopilotCalinL
andcommitted
feat: Add DevSecOps-4088 demo page with GHAS vulnerabilities and updated packages
Co-authored-by: CalinL <10718943+CalinL@users.noreply.github.com>
1 parent 615abf7 commit 30ae494


4 files changed

+436
-1
lines changed

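--- /dev/null
+++ b/PATH_NOT_SHOWN.cshtml
@@ -0,0 +1,213 @@
+@page
+@model DevSecOps4088Model
+@{
+ViewData["Title"] = "DevSecOps Demo 4088 - Latest GHAS Updates";
+}
+
+<div class="container">
+<div class="row">
+<div class="col-12">
+<h1 class="display-4 text-primary">@ViewData["Title"]</h1>
+<p class="lead">Exploring the latest GitHub Advanced Security features and DevSecOps best practices</p>
+<hr />
+</div>
+</div>
+
+<!-- Alert for demo messages -->
+@if (TempData["DemoMessage"] != null)
+{
+<div class="alert alert-info alert-dismissible fade show" role="alert">
+@TempData["DemoMessage"]
+<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+</div>
+}
+
+@if (TempData["ErrorMessage"] != null)
+{
+<div class="alert alert-danger alert-dismissible fade show" role="alert">
+@TempData["ErrorMessage"]
+<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+</div>
+}
+
+<div class="row">
+<!-- Latest GHAS News Section -->
+<div class="col-lg-8">
+<div class="card mb-4">
+<div class="card-header bg-dark text-white">
+<h3 class="card-title mb-0">
+<i class="bi bi-newspaper"></i> Latest GitHub Advanced Security News
+</h3>
+</div>
+<div class="card-body">
+@if (Model.LatestNews.Any())
+{
+<div class="list-group list-group-flush">
+@foreach (var newsItem in Model.LatestNews)
+{
+<div class="list-group-item d-flex align-items-start">
+<span class="badge bg-success rounded-pill me-3 mt-1">NEW</span>
+<div>
+<p class="mb-1">@newsItem</p>
+<small class="text-muted">Published: @DateTime.Now.ToString("MMMM dd, yyyy")</small>
+</div>
+</div>
+}
+</div>
+}
+else
+{
+<p class="text-muted">No news items available.</p>
+}
+</div>
+</div>
+
+<!-- New Features Spotlight -->
+<div class="card mb-4">
+<div class="card-header bg-success text-white">
+<h3 class="card-title mb-0">
+<i class="bi bi-star"></i> Feature Spotlight
+</h3>
+</div>
+<div class="card-body">
+<h5><i class="bi bi-robot"></i> GitHub Copilot for Security</h5>
+<p>AI-powered security analysis directly in your development workflow. Get real-time security suggestions and vulnerability explanations as you code.</p>
+
+<h5><i class="bi bi-shield-lock"></i> Advanced Secret Scanning</h5>
+<p>Now detecting over 200+ secret types with enhanced validity checking. Push protection prevents secrets from ever entering your repository.</p>
+
+<h5><i class="bi bi-graph-up-arrow"></i> Enhanced Code Scanning</h5>
+<p>CodeQL 2.20+ brings improved dataflow analysis, faster query execution, and support for more languages and frameworks.</p>
+
+<h5><i class="bi bi-shield-check"></i> Supply Chain Security</h5>
+<p>Dependency review alerts now include SBOM generation, automated updates, and comprehensive vulnerability remediation guidance.</p>
+</div>
+</div>
+</div>
+
+<!-- Sidebar with Demo Tools -->
+<div class="col-lg-4">
+<!-- Security Demo Section -->
+<div class="card mb-4">
+<div class="card-header bg-warning text-dark">
+<h4 class="card-title mb-0">
+<i class="bi bi-exclamation-triangle"></i> Vulnerability Demo
+</h4>
+</div>
+<div class="card-body">
+<p class="text-muted small">
+⚠️ <strong>Warning:</strong> This page intentionally contains security vulnerabilities for GHAS demonstration.
+These will be detected by GitHub Advanced Security code scanning.
+</p>
+
+<!-- User Input Test Form -->
+<form method="post" asp-page-handler="TestUserInput" class="mt-3">
+<div class="mb-3">
+<label for="username" class="form-label">Enter Username:</label>
+<input type="text" class="form-control" id="username" name="username"
+placeholder="Enter username" value="">
+<div class="form-text">
+⚠️ Demonstrates log forging vulnerability
+</div>
+</div>
+<button type="submit" class="btn btn-warning btn-sm">
+<i class="bi bi-play"></i> Test Input
+</button>
+</form>
+
+<!-- Regex Test Form -->
+<form method="post" asp-page-handler="TestRegex" class="mt-4">
+<div class="mb-3">
+<label for="pattern" class="form-label">Test Regex Pattern:</label>
+<input type="text" class="form-control" id="pattern" name="pattern"
+placeholder="e.g., aaaa" value="">
+<div class="form-text">
+⚠️ Vulnerable to ReDoS attacks
+</div>
+</div>
+<button type="submit" class="btn btn-warning btn-sm">
+<i class="bi bi-play"></i> Test Pattern
+</button>
+</form>
+
+<!-- SQL Query Test Form -->
+<form method="post" asp-page-handler="TestQuery" class="mt-4">
+<div class="mb-3">
+<label for="searchTerm" class="form-label">Search Term:</label>
+<input type="text" class="form-control" id="searchTerm" name="searchTerm"
+placeholder="Enter search term" value="">
+<div class="form-text">
+⚠️ SQL injection vulnerability demo
+</div>
+</div>
+<button type="submit" class="btn btn-warning btn-sm">
+<i class="bi bi-search"></i> Search
+</button>
+</form>
+</div>
+</div>
+
+<!-- Quick Links -->
+<div class="card">
+<div class="card-header bg-info text-white">
+<h4 class="card-title mb-0">Resources</h4>
+</div>
+<div class="card-body">
+<div class="d-grid gap-2">
+<a href="https://github.blog/security/" class="btn btn-outline-primary btn-sm" target="_blank">
+<i class="bi bi-newspaper"></i> GitHub Security Blog
+</a>
+<a href="https://docs.github.com/en/code-security" class="btn btn-outline-secondary btn-sm" target="_blank">
+<i class="bi bi-book"></i> Security Documentation
+</a>
+<a href="https://github.com/security" class="btn btn-outline-success btn-sm" target="_blank">
+<i class="bi bi-shield-check"></i> Security Features
+</a>
+<a href="https://gh.io/advanced-security" class="btn btn-outline-warning btn-sm" target="_blank">
+<i class="bi bi-star"></i> GHAS Overview
+</a>
+</div>
+</div>
+</div>
+</div>
+</div>
+
+<!-- Footer Section -->
+<div class="row mt-5">
+<div class="col-12">
+<div class="alert alert-light" role="alert">
+<h5 class="alert-heading">
+<i class="bi bi-lightbulb"></i> DevSecOps Best Practices
+</h5>
+<p>
+This demo page showcases common security vulnerabilities that GitHub Advanced Security can detect:
+</p>
+<ul>
+<li>Log injection and log forging vulnerabilities</li>
+<li>Regular Expression Denial of Service (ReDoS) patterns</li>
+<li>Hardcoded credentials and secrets</li>
+<li>SQL injection vulnerabilities</li>
+<li>Insecure deserialization patterns</li>
+</ul>
+<hr>
+<p class="mb-0">
+Enable <a href="https://github.com/features/security" target="_blank">GitHub Advanced Security</a>
+to automatically detect and remediate these security issues in your codebase.
+</p>
+</div>
+</div>
+</div>
+</div>
+
+@section Scripts {
+<script>
+// Auto-dismiss alerts after 5 seconds
+setTimeout(function() {
+const alerts = document.querySelectorAll('.alert-dismissible');
+alerts.forEach(alert => {
+const bsAlert = new bootstrap.Alert(alert);
+bsAlert.close();
+});
+}, 5000);
+</script>
+}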
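Review bot: The `Published: @DateTime.Now.ToString("MMMM dd, yyyy")` line in the news loop (new-file line 52) stamps every item with the server's local render time rather than the item's own date, so the label is misleading, and the month name is formatted in the request thread's current culture. If each news item can carry its own date, render that with `CultureInfo.InvariantCulture` instead; otherwise drop the label rather than show a date that changes on every page load. Separately, the outbound links at new-file lines 157–166 and 194 use `target="_blank"` with no `rel` attribute; adding `rel="noopener noreferrer"` keeps the opened page from obtaining a reference to this window in browsers that do not default to noopener. The three demo forms post to `TestUserInput`, `TestRegex` and `TestQuery` handlers that live outside this file, so their input handling cannot be assessed from this hunk.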
